DEV Community: Prateek Wayne

😈 Dare to Commit Secrets to GitHub? With SOPS & GPG, I Do! 🤫

Prateek Wayne — Mon, 03 Nov 2025 08:04:56 +0000

Stop Sharing Secrets in Slack & Teams ! 🔐 Commit Them Safely Instead

Ever had that awkward moment when a new teammate joins and you need to share API_KEY_PROD over Teams? 😬 We've all been there searching for the "least embarrassing" way to send secrets without exposing them in chat history.

But what if I told you we could commit secrets directly to our codebase safely and securely?

The Problem with Traditional Secret Sharing

📱 Sharing via Slack/Teams leaves traces in chat history
📧 Email isn't secure for sensitive data
🔄 Manual sharing doesn't scale with team growth
😰 Always worried about who has access to what

The Solution: SOPS + GPG Magic ✨

SOPS (Secrets OPerationS) + GPG encryption = Git-native secret management that actually works!

Here's the genius part: SOPS encrypts only the values while keeping keys readable. Your config files remain auditable and version-controlled.

Before (Raw secrets - DON'T DO THIS! ❌)

api_key: sk-prod-1234567890abcdef
database_password: super_secret_password

After (SOPS encrypted - SAFE! ✅)

api_key: ENC[AES256_GCM,data:v2svKtCydFchhEalpb5ptHM=,iv:kwjrP2JJ7yN8Z...]
database_password: ENC[AES256_GCM,data:qUfnJp7K3s0BLRfgLEKuog==,iv:4iIqV4DmoxrQ...]

How It Works (The Simple Version)

🔑 Team members add their GPG keys to GitHub
📝 New teammate requests access via Pull Request
🤖 Admin runs automated script to grant access
🔓 Everyone can decrypt secrets locally with their own key

Real Implementation: Step by Step

I've built a working demo that shows exactly how this works. Let's walk through it:

Step 1: Setup Your GPG Key on GitHub

First, make sure GitHub knows your public GPG key:

Go to GitHub Settings → SSH and GPG keys
Generate a new GPG key if you don't have one
Add your public key to GitHub

📖 GitHub's GPG Guide

Step 2: Request Secret Access

Instead of asking for secrets in Slack, you simply:

Clone the repository
Add your GitHub username to .sops.yaml:

creation_rules:
  - pgp: >-
      196e2fb0add1fa0ea00e377eb92cc7cd1b5275ca,d7d1ff182af9f304af01db8f15ef228052ff6d2f
    github:
      - prateek-wayne
      - ajayyadavcstech
      - your-username # <-- Add yourself here

Create a Pull Request

That's it! No secret sharing required. 🎉

Step 3: Automated Admin Approval

The magic happens here. Admin runs a simple Node.js script that:

✅ Fetches public keys from GitHub profiles automatically
✅ Updates encryption keys to include new team member
✅ Re-encrypts all secrets with the combined team keys

cd tools
npm install
node index.js

Step 4: Decrypt Locally

Once your PR is merged, you can decrypt secrets locally:

# For .env files
./scripts/decrypt-env.sh

# For YAML configs
./scripts/decrypt-yaml.sh

The decrypted files are automatically Git-ignored, so they never accidentally get committed.

Why This Approach Rocks 🚀

🔒 Security: Military-grade GPG encryption
📊 Auditability: Full history of who has access when
🔄 Scalability: Automated onboarding/offboarding
💰 Cost: Completely free with existing tools
🎯 Git-native: Works with your existing workflow

Try It Yourself

I've created a complete working example that demonstrates this entire workflow:

🔗 Demo Repository

The repo includes:

Sample encrypted .env and .yaml files
Automated key synchronization scripts
Cross-platform decryption scripts (Linux, macOS, Windows)
Complete documentation

Conclusion: Embrace Git-Native Security 🛡️

Stop sharing secrets over chat. Start treating them like code - version controlled, auditable, and secure.

Your future self (and your security team) will thank you! 🙏

What's your current approach to secret management? Have you tried SOPS before? Drop a comment below! 👇

React JS with Yarn 4

Prateek Wayne — Sat, 18 May 2024 16:08:07 +0000

Yarn 4 introduces several advancements and features that enhance the developer experience. It requires Node.js 18+ and has made significant changes like not enabling Zero-Install by default and using Corepack over yarnPath.

We can use yarn 4 with react js by following these steps.
Must be Yarn 4
check yarn version
yarn -v:

Now we will create a React Project:yarn create react-app my-app

Unlike in previous version of yarn,we used to have node-modules
but yarn 4 comes with Plug'n'Play and Zero-Installs.
it contains 2 new files:

.pnp.cjs
.pnp.loader.mjs

.pnp.cjs file contains info about all the package that mentioned in package.json

Plug N Play is faster than node-modules but some times due to some dependencies issue ,it might not work for some projects

With Yarn 4 we can still use node-modules
Just we have to paste this command:yarn config set nodeLinker node-modules
it will create a file name :.yarnrc.yml
which contains:

Now doing yarn install:yarn install
will bring back node_modules folder
changes:

we will find that .pnp files are deleted

Improving Code Quality with Mega -Linter 🧹

Prateek Wayne — Sat, 18 May 2024 07:22:23 +0000

What Is a Linter? 🧹

A linter is a tool that analyzes your code for potential issues, style violations, and best practices.
It helps maintain consistency, readability, and overall code quality. Linters can catch errors early, making debugging easier.

Setting Up a Mega Linter in a Node.js Project .

Setup a simple Node JS Project

npm init -y

a package.json will be created.

Setting up Megalinter in a Project

we can set up mega linter in our project just by running a simple command
npx mega-linter-runner --install

Megalinter supports multiple techstacks

Dart
Documentation
C, C++, C# or Visual Basic.net
Go
Java / Groovy / Kotlin
Javascript / Typescript
PHP
Python
Ruby
RUST ....many more

In our case we will select :Javascript / Typescript

It will further ask for customization:

We will select GithubAction
further we will opt these minimal configurations:

Understanding Changes Files

These are files being created and updated :

.github/workflows/mega-linter.yaml this contains the workflow ,which will trigger when a pull request is raised:

we can change these triggers as our need

.cpell.json

.mega-linter.yml This file contains the configuration that we have opted earlier

When we push our changes to github repository
The workflow will gets triggered which we can see in the Action tab of our repository.
Here we can see the failing checks and errors which we have to fix:

Conclusion 🎉
MegaLinter combines multiple linters into one powerful tool, simplifying code quality checks.
Remember to customize the content and add any specific examples or experiences you’d like to share. Feel free to ask questions or leave comments in the section below! 💗

More In-Depth Details
For a deeper dive into MegaLinter, visit the official documentation: https://megalinter.io/latest/
Connect with Me
Github:https://github.com/Prateek-Wayne/
Linkedin: https://www.linkedin.com/in/prateek-verma-8125b3201/
Instagram:https://www.instagram.com/prateek_wayne/
Happy coding! 🚀